中圖分類號： TN915.08
文獻標識碼： A
DOI：10.16157/j.issn.0258-7998.222641
中文引用格式： 呂樂樂，董偉，趙云飛，等. 基于Q算法的認證協議漏洞挖掘技術研究[J].電子技術應用，2022，48(10)：63-68.
英文引用格式： Lv Lele，Dong Wei，Zhao Yunfei，et al. Research on the vulnerability mining technology of authentication protocol based on Q-learning[J]. Application of Electronic Technique，2022，48(10)：63-68.

Research on the vulnerability mining technology of authentication protocol based on Q-learning

Abstract： The authentication and authorization protocol allows a third party to obtain user resources without disclosing the user password, solves the problem of third-party authorization under the cloud platform, and improves the user′s interactive experience. However, the uncertainty and complexity of the protocol in interactive processing may lead to logical loopholes in its practical application. To solve this problem, a fuzzy simulation method is proposed. By fuzzy processing the protocol interaction process, the logical loopholes of the protocol are found by using the uncertainty of the action of the protocol entity. At the same time, combined with SA-Q reinforcement learning algorithm, the agent is trained to learn the optimal fuzzy strategy and mine the loopholes intelligently. After testing, it is found that compared with the basic Q-learning algorithm, the convergence speed of this method is improved by 9.27%, which makes the model easier to converge during training and effectively improves the efficiency of vulnerability mining.

Key words : authentication authorization protocols；logical vulnerabilities；fuzzy simulation；Q reinforcement learning algorithms